Blackhat USA 2012 – Pushing Past Intrusion Tolerance, Cutting Edge Research

The Blackhat 2012 keynote started the event with Shawn Henry, and ex-Fbi director, painting a grim, seemingly unspeakable picture of cyberespionage in the US. It was interesting that he continually spoke about the gravity of the situation and the need to apply what he learned at the Fbi to protecting digital assets, but he couldn’t describe a single concrete example. At the same time, other than a weapon of mass destruction, he claimed that cyber threats are the single biggest problem facing this nation. This inability to convey concrete details during the Blackhat keynote only highlights some of the problem in understanding the cyber problem. And it’s the problem of overclassification of computer network exploitation (CNE) incidents and a tangled set of dynamics that silence breach data sharing and exchange for this massive problem.

While parts of the talk were very interesting, especially discussion of creating a hostile network for your adversaries and taking intrusion tolerance a step further, it was criticized for being a bit self-promoting. All across the twitters, tweets like this one protested signs of this year’s corporate influence.

The two days of talks explored some new territory. Day 1 included “Advanced ARM Exploitation”, where Stephen Ridley and Stephen Lawler provided some more indepth Android exploitation details and the quirks in exploring the software and developing exploits on the platform. For example, ROP techniques are required even to perform the ancient ret2libc technique on Android. They poured over data manipulation on ARM and particular assembly level tricks, specifics of discovering ROP pivots and pushing data into the stack on ARM for control. The talk provided content from their hands-on, 650+ slides across 12 decks, 80 page lab manual, multi-day course “Practical ARM Exploitation”.

Read more: Blackhat USA 2012 – Pushing Past Intrusion Tolerance, Cutting Edge Research